Do you need this or any other assignment done for you from scratch?
We have qualified writers to help you.
We assure you a quality paper that is 100% free from plagiarism and AI.
You can choose either format of your choice ( Apa, Mla, Havard, Chicago, or any other)
NB: We do not resell your papers. Upon ordering, we do an original paper exclusively for you.
NB: All your data is kept safe from the public.
Factor Analysis Table
Suggested Plan
Healthcare providers are ethically and legally obligated to protect the confidentiality of medical records of their patients. However, as noted by Seh et al. (2020), there has been an increase in the number and extent of reported data breaches in healthcare over the last few years. According to Seh et al. (2020), this is due to many factors, one of which is breach reporting becoming mandatory became mandatory in 2009. Another factor is the ease at which the penetration of the healthcare sector can be conducted. Finally, there is an abundance of confidential personal information in patients’ medical records that is available and accessible to offenders. Known cases of healthcare data breaches need to be analyzed for the creation of a framework to recognize and evaluate the risks and vulnerabilities of the organization and prepare an action plan. There are three categories in which the largest number of breaches occur: portable device breach, insider breach, and physical breach (Seh et al., 2020). Each of these categories needs its own risk management framework for specific risks connected to them to be avoided, reduced, or transferred.
Portable device breach occurs when a smart phone, laptop, personal digital assistant (PDA), or any other portable device is discarded, lost, or stolen. The ever-growing variety of devices capable of storing electronic protected health information (ePHI) creates corresponding loss opportunities. Seh et al. (2020) recommend that all devices are pre-approved, and healthcare providers take an inventory of devices approved and data stored on them. All devices must be protected by screen saver passwords and automatic log-offs after a specified period of time. Strong passwords are to be employed on each device and changed periodically, and a device lock is to occur after a number of failed login attempts. In addition to that, portable device ePHI data must be encrypted, and all encryption/decryption keys must be approved regarding complexity. Device software is to be configured for automatic updates with new releases and patches becoming available. Finally, all data must be periodically backed up on company servers or cloud providers.
Insider breach occurs in the case of employees or contractors with ePHI access intentionally breaching. As per Seh et al. (2020), to reduce the risks of it occurring, first of all, there must be complete background checks for all employees entering the organization. Authorized insiders are to be provided full access to ePHI only as required, and this access is to be restricted with multiple passwords for files, fields, and folders. There is to be the separation of duties among staff and user access restrictions on the basis of employees’ roles and responsibilities. Moreover, 2- or 3-factor authentication is to be used for system access. Camera records, system and building access, and other electronic sources are to be reviewed to verify individual use and access. Finally, system access for those leaving the organization is to be immediately terminated, with all devices immediately returned.
Physical breach occurs in the case of non-electronic records, mainly paper documents such as health records, tapes, or receipts being discarded, lost, or stolen. According to Seh et al. (2020), to attempt to prevent it from happening, PHI is to be shredded and put into secure bins. Employees should be taught to secure PHI and keep it on them at all times, not leaving it anywhere in plain sight. Furthermore, contractors with PHI access are to be subject to regular audits, and contracts are to include responsibility and liability for PHI breaches. Finally, medical facilities’ physical location is to be examined in relation to past incidents of burglary and insecurity in the general area.
In conclusion, data breach in healthcare is an issue that has become extremely prevalent in the last few years and needs to be addressed. A set of measures relating to each of the three categories – portable device, insider, and physical breach – is intended for the reduction of risks related to the manipulations of patients’ medical information. The frameworks of prevention measures discussed in this paper are a key factor of a risk management program in all of healthcare, and as a consequence, the ensuring of healthcare system security.
References
Byrd, D. (2019). Cyber Threats in Healthcare Industry: Recognizing the Significance of Cybersecurity (Publication No: 22621946) (Master’s thesis, Utica College). Proquest
Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Ahmad Khan, R. (2020). Healthcare data breaches: insights and implications.Healthcare, 8(2), 1-18.
Do you need this or any other assignment done for you from scratch?
We have qualified writers to help you.
We assure you a quality paper that is 100% free from plagiarism and AI.
You can choose either format of your choice ( Apa, Mla, Havard, Chicago, or any other)
NB: We do not resell your papers. Upon ordering, we do an original paper exclusively for you.
NB: All your data is kept safe from the public.